Cloudflare claims to have the solution to end the CAPTCHA craze

The CAPTCHAs have for years been present in our lives, and each time have become simpler. However, it is increasingly common for us to skip the check in which we have to identify images. Cloudflare says the time has come to put an end to this nonsense with a rather curious solution.

CAPTCHAs, short for Completely Automated Public Turing test to tell Computers and Humans Apart, allow a website to determine whether or not the visitor is human. Google’s reCAPTCHA 2 is the most used today, where normally we only have to click to say that we are not a robot, and Google will analyze our previous activity to determine, through elements such as mouse movement, that we are human.

Cloudflare has had enough of the traditional CAPTCHA

The problem is when that verification fails. And lately it fails more than usual, moving us further away from reCAPTCHA 3, where Google promised that we weren’t even going to have to click. Instead, we are currently taking 32 seconds on average to complete this verification with images, with a complex and arduous process with poor quality images, with a system that works poorly on mobile phones, and where it is common to fail if we are in a hurry and not We pay attention.

Cloudflare captcha
Cloudflare Captcha

According to Thibault Meunier, an engineer at Cloudflare, he estimated that each user sees a CAPTCHA every 10 days, multiplying that number by 4.6 billion users and the average 32 seconds it takes to complete. According to his calculation, every day humanity loses 500 years doing CAPTCHAs.

For this reason, the Cloudflare engineer has presented an alternative called Cryptographic Attestation of Personhood. This system works simply. First, the user accesses a website protected by this system, such as, which they are using for testing.

Cloudflare security, captcha

USB keys are your solution, but they are expensive

On the web, there is a button that says (I am human) beta, and if we give it, the web will check that we are human. The new step comes now, where the web asks us to insert a USB security key, or Hardware Security Key. This key has USB and NFC connectivity, and can be used on a PC or mobile. The cryptographic key for that key is sent to Cloudflare, verifying the user quickly without having to resolve a CAPTCHA.

Among USB keys, Cloudflare offers initial support for three: the YubiKeyHyperFIDO, and Thetis FIDO U2F. The Yubikey are the most widespread, being very comfortable to use as a two-step verification and add security to our day to day. Thus, with the quick check of the web and USB keys, the check takes just five seconds, and with more respect for privacy than current CAPTCHAs.

USB keys security
USB keys

One of the problems with these keys is their price, which hardly falls below 50 euros. Meunier suggests that mobiles could be used as verification, since they do the same functionality as a USB key, being able to store cryptographic keys. However, for the time being the test will be limited to the USB keys, in addition to starting with the tests first in English-speaking regions.

In Technoeager | Zero Trust System, the future of big business cybersecurity

Leave a Reply